Configure the Internal router to accept SSH connections. Use the following guidelines:

Note: Internal is already configured with the username SSHAccess and the secret password ciscosshaccess.

The domain name is theccnas.com.

RSA encryption key pair using a modulus of 1024

SSH version 2, timeout of 90 seconds, and 2 authentication retries

All vty lines accept only SSH connections.

Configure the Internal router with server-based AAA authentication and verify its functionality:

Note: The AAA server is already configured with RADIUS service, a username CORPSYS, and the password LetSysIn.

The key to connect to the RADIUS server is corpradius.

AAA authentication uses the RADIUS server as the default for console line and vty lines access.

The local database is used as the backup if the RADIUS server connection cannot be established.
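The SSH and AAA requirements above, written out as one IOS configuration for the Internal router. This is an added example, not the page's own answer key; `<AAA_SERVER_IP>` is a placeholder because the page does not give the server address, and the vty range `0 4` and the legacy `radius-server host` syntax are assumptions about the lab image.

```cisco
! Added example. Run from global configuration mode on Internal.
! The router needs a non-default hostname plus a domain name before
! RSA keys can be generated.
ip domain-name theccnas.com
crypto key generate rsa general-keys modulus 1024

! SSH server parameters from the task list.
ip ssh version 2
ip ssh time-out 90
ip ssh authentication-retries 2

! Server-based AAA: RADIUS first, local user database as backup.
aaa new-model
! <AAA_SERVER_IP> is a placeholder; the page does not state the address.
radius-server host <AAA_SERVER_IP> key corpradius
aaa authentication login default group radius local

! Console access uses the default method list.
line console 0
 login authentication default
 exit

! Assumed vty range; widen it (for example 0 15) if the platform has
! more vty lines, so that no line is left accepting Telnet.
line vty 0 4
 transport input ssh
 login authentication default
 end

! Verification from privileged EXEC mode.
show ip ssh
show running-config | include aaa|radius
show running-config | section line
```

The `local` method in the list is tried only when the RADIUS server does not respond. A reject returned by the server ends the login attempt without falling through to the local database.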

Set the maximum number of learned MAC addresses to 2 on FastEthernet ports 0/1 to 0/22. Allow the MAC address to be learned dynamically and to be retained in the running-config. Shut down the port if a violation occurs.

Disable unused ports (Fa0/2-4, Fa0/6-10, Fa0/13-22).

Configure the trunk link on Fa0/23 and Fa0/24 on both Switch1 and Switch4.

Disable DTP negotiation on the trunking ports.

Set the native VLAN as VLAN 50 for the trunk links.

Step 6: Configure an IOS IPS on the Internal Router.

On the Internal router, if asked to log in, log in as CORPSYS with password LetSysIn. The enable secret password is ciscoclass.

Use the IPS signature storage location at flash:.

Create an IPS rule named corpips.

Configure the IOS IPS to use the signature categories. Retire the all signature category and unretire the ios_ips basic category.

Create a pair of zones named IN_TO_OUT_ZONE with the source as CORP-INSIDE and destination as INTERNET.

Specify the policy map INSIDE_TO_INTERNET for handling the traffic between the two zones.

Create a pair of zones named INTERNET_TO_DMZ_ZONE with the source as INTERNET and destination as CORP-INSIDE.

Assign interfaces to the appropriate security zones.

Verify the ZPF configuration.

The External user can access the URLs http://www.theccnas.com and http://www.externalone.com.

The External user cannot ping the DMZ Web Svr.

The PCs in the internal network can ping and access the External Web Svr URL.

CCNA Security 2.0 PT Practice SA – Part 1 questions and answers will be revealed in this post. Hopefully this will help you guys pass this CCNA Security 2.0 Packet Tracer Practice SA Part 1 successfully. However, our current answer is now only 84% correct. If you have a complete 100% answer, please comment below or email me.